Newly availableUseful in modern browsers, but confirm support before making it a core requirement.
Security and APIs Newly available

Storage access

The document.requestStorageAccess() method allows content in iframes to request storing and reading cookies and other site data, while the document.hasStorageAccess() method checks if such access is granted. It is most useful when native HTML semantics or browser capabilities can replace custom implementation work.

Security and APIsSecurity

Overview

The document.requestStorageAccess() method allows content in iframes to request storing and reading cookies and other site data, while the document.hasStorageAccess() method checks if such access is granted. It is most useful when native HTML semantics or browser capabilities can replace custom implementation work.

Browser support

Feature Desktop Mobile
Chrome
Edge
Firefox
Safari
Chrome Android
Safari iOS
api.Document.hasStorageAccess
119
85
65
11.1
120
11.3
DOM API
requestStorageAccess

The requestStorageAccess() method of the Document interface allows content loaded in a third-party context (i.e., embedded in an iframe) to request access to third-party cookies and unpartitioned state. This is relevant to user agents that, by default, block access to third-party, unpartitioned cookies to improve privacy (e.g., to prevent tracking), and is…
119
85
65
11.1
120
11.3
permission_storage-access

`storage-access` permission
119
85
117
26.2
120
26.2
Other
html.elements.iframe.allow.storage-access
Experimental
113
113
113
http.headers.Permissions-Policy.storage-access
Experimental

The HTTP Permissions-Policy header storage-access directive controls whether a document loaded in a third-party context (i.e., embedded in an iframe) is allowed to use the Storage Access API to request access to unpartitioned cookies.
113
113
113
1+Supported (version) Not supported Has note Sub-feature descriptions sourced from MDN Web Docs (CC BY-SA 2.5)
Notes 1 item(s)
Implementation note
  • Client-side storage access is granted per-page (see explanation).
Notes 1 item(s)
Implementation note
  • Client-side storage access is granted per-page (see explanation).

Syntax

JAVASCRIPT 
// Run inside the iframe
const hasAccess = await document.hasStorageAccess();
if (!hasAccess) {
  await document.requestStorageAccess();
}
// Access storage
console.log(document.cookie);

Use cases

  • Strengthen integration

    Use Storage access when browser APIs need clearer security boundaries or more explicit capabilities.

  • Connect platform features

    Apply Storage access when your app benefits from deeper browser or device integration.

Cautions

  • Test Storage access in your target browsers and input environments before depending on it as a primary behavior.
  • Provide a fallback path or acceptable degradation strategy when support is still limited.

Accessibility

  • Make sure Storage access supports the intended task without making the page harder to perceive, understand, or operate.

Related links

Powered by web-features